#	$OpenBSD: keytype.sh,v 1.11 2021/02/25 03:27:34 djm Exp $
#	Placed in the Public Domain.

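tid="login with different key types"

# Keep pristine copies of the proxy configs: every iteration below regenerates
# $OBJ/sshd_proxy and $OBJ/ssh_proxy from these backups, so a failed copy here
# would otherwise surface later as an empty or stale config.
cp "$OBJ/sshd_proxy" "$OBJ/sshd_proxy_bak" || fatal "backup of sshd_proxy failed"
cp "$OBJ/ssh_proxy" "$OBJ/ssh_proxy_bak" || fatal "backup of ssh_proxy failed"
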
# Map each key algorithm the built binaries advertise (SSH_KEYTYPES) onto the
# "<type>-<bits>" / "<type>-sk" names used for the keys generated below.
# Algorithms without an arm here are simply not exercised.
ktypes=""
for alg in ${SSH_KEYTYPES}; do
	case "$alg" in
	ssh-dss)
		ktypes="$ktypes dsa-1024" ;;
	ssh-rsa)
		ktypes="$ktypes rsa-2048 rsa-3072" ;;
	ssh-ed25519)
		ktypes="$ktypes ed25519-512" ;;
	ecdsa-sha2-nistp256)
		ktypes="$ktypes ecdsa-256" ;;
	ecdsa-sha2-nistp384)
		ktypes="$ktypes ecdsa-384" ;;
	ecdsa-sha2-nistp521)
		ktypes="$ktypes ecdsa-521" ;;
	sk-ssh-ed25519*)
		ktypes="$ktypes ed25519-sk" ;;
	sk-ecdsa-sha2-nistp256*)
		ktypes="$ktypes ecdsa-sk" ;;
	esac
done

# Generate one fresh key per name in $ktypes.  Security-key (-sk) names carry
# no size; every other name is split as "<type>-<bits>" to build "-b <bits>".
for kt in $ktypes; do
	rm -f "$OBJ/key.$kt"
	if [ "${kt%sk}" != "$kt" ]; then
		type="$kt"
		bits="n/a"
		bits_arg=""
	else
		type="${kt%-*}"
		bits="${kt#*-}"
		bits_arg="-b $bits"
	fi
	verbose "keygen $type, $bits bits"
	# $bits_arg stays unquoted on purpose so "-b N" splits into two words.
	if ! ${SSHKEYGEN} $bits_arg -q -N '' -t "$type" -f "$OBJ/key.$kt"; then
		fail "ssh-keygen for type $type, $bits bits failed"
	fi
done

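# Translate a generated key name ("<type>-<bits>" or "<type>-sk") into the
# algorithm name(s) to pin via PubkeyAcceptedAlgorithms / HostKeyAlgorithms.
# Arguments: $1 - key name as listed in $ktypes
# Outputs:   the algorithm list on stdout (comma-separated for rsa-*)
# Returns:   0 for a known name; 1 with a diagnostic on stderr otherwise, so a
#            typo in $ktypes no longer silently yields an empty algorithm list
kname_to_ktype() {
	case "$1" in
	dsa-1024)	echo ssh-dss;;
	ecdsa-256)	echo ecdsa-sha2-nistp256;;
	ecdsa-384)	echo ecdsa-sha2-nistp384;;
	ecdsa-521)	echo ecdsa-sha2-nistp521;;
	ed25519-512)	echo ssh-ed25519;;
	rsa-*)		echo rsa-sha2-512,rsa-sha2-256,ssh-rsa;;
	ed25519-sk)	echo sk-ssh-ed25519@openssh.com;;
	ecdsa-sk)	echo sk-ecdsa-sha2-nistp256@openssh.com;;
	*)
		echo "kname_to_ktype: unknown key name '$1'" >&2
		return 1
		;;
	esac
}
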
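# For every generated key type, run the proxy sshd with that key as its sole
# host key, authenticate with the matching user key and connect a few times.
# Both sides pin PubkeyAcceptedAlgorithms and HostKeyAlgorithms to the
# algorithm under test, so a successful login cannot come from negotiating
# some other key type.
tries="1 2 3"
for ut in $ktypes; do
	user_type=$(kname_to_ktype "$ut")
	[ -n "$user_type" ] || fatal "no algorithm name for user key $ut"
	# Only the matching host key type is exercised per user key; set
	# htypes=$ktypes to test the full cross product instead.
	htypes="$ut"
	for ht in $htypes; do
		host_type=$(kname_to_ktype "$ht")
		[ -n "$host_type" ] || fatal "no algorithm name for host key $ht"
		trace "ssh connect, userkey $ut, hostkey $ht"
		# Server: baseline config minus any HostKey lines, then the key
		# under test and the algorithm pins.
		(
			grep -v HostKey "$OBJ/sshd_proxy_bak"
			echo "HostKey $OBJ/key.$ht"
			echo "PubkeyAcceptedAlgorithms $user_type"
			echo "HostKeyAlgorithms $host_type"
		) > "$OBJ/sshd_proxy"
		# Client: baseline config minus any IdentityFile lines, then the
		# user key under test and the same algorithm pins.
		(
			grep -v IdentityFile "$OBJ/ssh_proxy_bak"
			echo "IdentityFile $OBJ/key.$ut"
			echo "PubkeyAcceptedAlgorithms $user_type"
			echo "HostKeyAlgorithms $host_type"
		) > "$OBJ/ssh_proxy"
		# Trust exactly this host key for the proxy's host names.
		(
			printf 'localhost-with-alias,127.0.0.1,::1 '
			cat "$OBJ/key.$ht.pub"
		) > "$OBJ/known_hosts"
		cat "$OBJ/key.$ut.pub" > "$OBJ/authorized_keys_$USER"
		for i in $tries; do
			verbose "userkey $ut, hostkey ${ht}"
			if ! ${SSH} -F "$OBJ/ssh_proxy" 999.999.999.999 true; then
				fail "ssh userkey $ut, hostkey $ht failed"
			fi
		done
	done
done
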